ABSTRACT
Smartphone has become the 4th basic necessity of human being after Food, Cloths and Home. It has become an integral part of the life that most of the business and office work can be operated by mobile phone and the demand for online classes demand for all class of students have become a compulsion without any alternate due to the COVID-19 pandemic. Android is considered as the most prevailing and used operating system for the mobile phone on this planet and for the same reason it is the most targeted mobile operating system by the hackers. Android malware has been increasing every quarter and every year. An android malware is installed and executed on the smartphones quietly without any indication and user’s acceptance, that possess threats to the consumer’s personal and/or classified information stored. To address these threats, varieties of techniques have been proposed by the researchers like Static, Dynamic and Hybrid. In this paper a systematic review has been carried out on the relevant studies from 2017 to 2020. Assessment of the malware detection capabilities of various techniques used by different researchers has been carried out with comparison of the performance of different machine learning models for the detection of android malwares by assessing the results of empirical evidences such as datasets, features, tools, etc. However the android malware detection still faces several challenges and the possible solution with some novel approach or technique to improve the detection capabilities is discussed in the discussion and conclusion. © 2022, Springer Nature Switzerland AG.
ABSTRACT
In the severe COVID-19 environment, encrypted mobile malware is increasingly threatening personal privacy, especially those targeting on Android platform. Existing methods mainly focus on extracting features from Android Malware (DroidMal) by reversing the binary samples, which is sensitive to the deduction of the available samples. Thus, they fail to tackle the insufficiency of the novel DoridMal. Therefore, it is necessary to investigate an effective solution to classify large-scale DroidMal, as well as to detect the novel one. We consider few-shot DroidMal detection as DoridMal encrypted network traffic classification and propose an image-based method with meta-learning, namely AMDetector, to address the issues. By capturing network traffic produced by DroidMal, samples are augmented and thus cater to the learning algorithms. Firstly, DroidMal encrypted traffic is converted to session images. Then, session images are embedded into a high dimension metric space, in which traffic samples can be linearly separated by computing the distance with the corresponding prototype. Large-scale and novel DroidMal traffic is classified by applying different meta-learning strategies. Experimental results on public datasets have demonstrated the capability of our method to classify large-scale known DroidMal traffic as well as to detect the novel one. It is encouraging to see that, our model achieves superior performance on known and novel DroidMal traffic classification among the state-of-the-arts. Moreover, AMDetector is able to classify the unseen cross-platform malware. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.